Backup Compression and Transparent Data Encryption (TDE) have been immensely valuable and popular features in SQL Server.

In SQL Server 2016, backup compression was enabled for TDE databases. When you back up a TDE-enabled database with compression and MAXTRANSFERSIZE > 64K, backup compression kicks in to reduce backup size and to improve overall backup performance and time.

Recently, Microsoft found that some edge scenarios related to backup compression for TDE databases caused backups or restores to fail.

Hence our recommendations have been:
• Avoid using striped backups with TDE and backup compression.

• If your database has virtual log files (VLFs) larger than 4GB, then do not use backup compression with TDE for your log backups.

• Avoid using WITH INIT when working with TDE and backup compression. Instead, use WITH FORMAT.

• Avoid using backup checksum with TDE and backup compression.

Note: The default native backup uses MAXTRANSFERSIZE = 64K when the database has a single database file, so compression doesn’t kick in automatically for TDE enabled databases and the above issues aren’t encountered.

However, there are scenarios (listed below) where the SQL Server engine chooses to use MAXTRANSFERSIZE > 64K dynamically to optimize for performance. That means compression for TDE databases can kick in automatically even when MAXTRANSFERSIZE is not explicitly set.

• When the database has multiple data files, the engine uses MAXTRANSFERSIZE > 64K, so backup compression kicks in automatically if compression is specified and the database has TDE enabled.
• When performing backup to URL, the default is MAXTRANSFERSIZE = 1MB, so backup compression kicks in automatically if compression is specified and the database has TDE enabled.

Starting with SQL 2016 RTM CU7, SQL 2016 SP1 CU4 and above, improvements and updates to the SQL Server engine avoid these edge cases. If you plan to leverage native backup compression for TDE databases or are already using it, we strongly recommend you apply the latest CUs on SQL 2016 to ensure you are not hitting any of the known issues.

If you are already using backup compression for TDE databases in your environment on SQL 2016 builds below RTM CU7/SP1 CU4, then we strongly recommend you validate your backups by a test restore and also apply the latest CUs proactively to ensure your RPO/RTO requirements are met.

If the restore of a backup taken on a SQL Server build below RTM CU7/SP1 CU4 is failing, then applying the latest CUs won’t allow restore of those older backups.

Only backups created from the latest CU build will avoid the above issues and can be restored without any errors.
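An audit query for the recommendations above, added here as an example and not part of the original post: it reports the instance build and lists every compressed backup of a currently TDE-enabled database recorded in msdb, flagging striped, checksum and log backups. Treating `compressed_backup_size < backup_size` as "compression kicked in" is an assumption of this example.

```sql
-- Added example (not from the original post). Run on the instance that took the backups.

-- 1) Build and CU level of this instance, to compare against the fixed builds
--    named above (SQL 2016 RTM CU7, SQL 2016 SP1 CU4).
SELECT SERVERPROPERTY('ProductVersion')     AS product_version,
       SERVERPROPERTY('ProductLevel')       AS product_level,         -- RTM / SPn
       SERVERPROPERTY('ProductUpdateLevel') AS product_update_level;  -- CUn, NULL if none

-- 2) Compressed backups of TDE databases in msdb history, with the patterns
--    the recommendations warn about.
WITH stripes AS (
    -- One media family per backup device: more than one family = striped backup.
    SELECT media_set_id,
           COUNT(DISTINCT family_sequence_number) AS stripe_count
    FROM msdb.dbo.backupmediafamily
    GROUP BY media_set_id
)
SELECT bs.database_name,
       bs.backup_finish_date,
       CASE bs.type WHEN 'D' THEN 'FULL'
                    WHEN 'I' THEN 'DIFF'
                    WHEN 'L' THEN 'LOG'
                    ELSE bs.type END                       AS backup_type,
       bs.backup_size,
       bs.compressed_backup_size,
       CASE WHEN s.stripe_count > 1 THEN 1 ELSE 0 END      AS is_striped,
       bs.has_backup_checksums                             AS used_checksum,
       -- Log backups need a manual check for VLFs larger than 4GB.
       CASE WHEN bs.type = 'L' THEN 1 ELSE 0 END           AS check_vlf_size,
       -- Build of the engine that wrote the backup; an older build here means
       -- the backup predates any CU applied later.
       bs.software_major_version,
       bs.software_minor_version,
       bs.software_build_version
FROM msdb.dbo.backupset AS bs
JOIN sys.databases      AS d ON d.name = bs.database_name
JOIN stripes            AS s ON s.media_set_id = bs.media_set_id
WHERE d.is_encrypted = 1                            -- TDE enabled now (not necessarily at backup time)
  AND bs.compressed_backup_size < bs.backup_size    -- assumption: compression took effect
ORDER BY bs.database_name, bs.backup_finish_date DESC;
```

Rows written by a build below the fixed CUs are the ones to prioritise for the test restore recommended above. WITH INIT versus WITH FORMAT is not recorded in these tables, so that recommendation has to be checked in the backup jobs themselves.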

VDI support for backup compression on TDE-enabled databases is not added yet, and Microsoft plans to add it soon in an upcoming service release of SQL Server.

You never know when some item that queries or alters data in SQL Server will cause issues.

Bruce Schneier recently commented on FaceID and Bluetooth security, the latter of which has a vulnerability issue. I was amazed to see his piece on infrared camera hacking. A POC on using light to jump air gaps is truly frightening. It seems that truly anywhere that we are processing data, we need to be thinking (see https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/)

Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. With BlueBorne, attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities.

Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.

Fully patched Windows and iOS systems are protected.

– the Equifax breach for example must worry everyone who has ever had credit in the USA. (Hackers broke into Equifax’s computer systems in March, which is two months earlier than the company had previously disclosed, according to a Wall Street Journal report.)

The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted on the SEC’s website, Chairman Jay Clayton said a review of the agency’s cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system (which processes over 1.7 million electronic filings in any given year.) The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information.

So let me suggest you take a good look at your systems and be honest – do you feel safe?

Microsoft has released Microsoft 365, a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. Watch Satya introduce it.

What about your websites?
Although acts of vandalism such as defacing corporate websites are still commonplace, hackers prefer to gain access to the sensitive data residing on the database server and then to sell the data.

The costs of not giving due attention to your web security are extensive and, apart from the direct financial burden and inconvenience, also include the risks of:
• Loss of customer confidence, trust and reputation, with the consequent harm to brand equity
• Negative impact on revenues and profits arising e.g. from falsified transactions, or from employee downtime
• Website downtime, which is in effect the closure of one of the most important sales and marketing channels, especially for an e-business
• Legal battles and related implications from Web application attacks and poor security measures, including fines and damages to be paid to victims.

Web Security Weaknesses
Hackers will attempt to gain access to your database server through any way they can, e.g. out-of-date protocols on a router. The two main targets are:
• Web and database servers.
• Web applications.

Information about such exploits is readily available on the Internet, and many have been reported on this blog previously.

Web Security Scanning
So no surprise that Web security should contain two important components: web and database server security, and web application security.

It is of paramount importance to scan the security of these web assets on the network for possible vulnerabilities. For example, modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be accessed through specific ports and so anyone can attempt direct connections to the databases to try and bypass the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability.

Other weaknesses relate to the database application itself and the use of weak or default passwords by administrators. Vendors patch their products regularly, and attackers equally regularly find new ways of attack.

75% of cyber attacks target weaknesses within web applications rather than directly at the servers. Hackers launch web application attacks on port 80. Web applications are more open to uncovered vulnerabilities since these are generally custom-built and therefore pass through a lesser degree of testing than off-the-shelf software.

Some hackers, for example, maliciously inject code within vulnerable web applications to trick users and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS) and may be used even though the web and database servers contain no vulnerability themselves.

Hence, any web security audit must answer the questions “which elements of our network infrastructure are open to hack attacks?”, “which parts of a website are open to hack attacks?”, and “what data can we throw at an application to cause it to perform something it shouldn’t do?”

Ask us about Acunetix and Web Security
Acunetix ensures web site security by automatically checking for SQL Injection, Cross Site Scripting, and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.

Hackers successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team.

CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers. Dubbed “crap cleaner,” it’s designed to wipe out cookies and offer some web privacy protections. 2.27 million users have been affected by the attack, and Avast Piriform believes it was able to prevent the breach harming customers. “Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” says an Avast spokesperson.

The Talos site update as of this week:
Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected
Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast.
Update 9/19: There has been some confusion on how the DGA domains resolve.

Piriform, the developer of CCleaner now owned by security firm Avast, says that its download servers were compromised at some point between 15 August, when it released version v5.33.6162 of the software, and 12 September, when it updated the servers with a new version. In that period, a trojan was loaded into the download package which sent “non-sensitive data” from infected users’ computers back to a server located in the US. The data, according to Piriform, included “computer name, IP address, list of installed software, list of active software, list of network adapters”.

As well as the data leak, however, the infection also resulted in a “second stage payload” being installed on to the affected computer – another piece of malware, which Piriform says was never executed. “At this stage, we don’t want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” the company’s vice president, Paul Yung, said.

The company says 2.27m users were infected, but added that “we believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm”. By taking down the “command and control” server, Piriform may have prevented the infection being used to inflict further damage.

Cortana intelligence services management – showcases Recommendations API integration in Dynamics AX 2012 R3.
Use this capability to create a machine learning model and train that model to generate recommendations.
Use this as a reference implementation, and then connect more Cognitive Service APIs or bring other Cortana intelligence based insights into your Dynamics AX solution.
For more detailed information, review the Cortana Intelligent Services management white paper – available from us on request.

There are a number of enhancements/hotfixes related to DIXF.
A new feature enables an alternate way to report a carry-forward budget. The feature maintains the carry-forward status on relieving documents that were based on an originating document carried forward.
(If you change functionality mid-year, and not after year-end, then retroactively update the budget for any transactions for the current year. This feature cannot be disabled after it’s enabled, because transactions which would not be considered carry-forward might have occurred using the alternate configuration.)

Reprocessing of documents against Budget control. When issues are found, the budget manager can inquire into the documents that were found and reprocess these. After reprocessing, the data maintenance process becomes a read-only record of the documents that were found, as well as showing the results of the reprocessing.
Updating the ledger takes a long time when running Advanced ledger allocation basis rules, as the TempDB fills up; this addresses that issue.

Many retail enhancements – here are a few:

In Retail the maximum number of fields you can add to a receipt footer is increased from 50 to 100.

Customer data privacy – extra fields in the Customer table indicate privacy choices, such as do not call, email, text, and so on, for all interfaces in all channels.

A Post-sync channel DB clean up will reduce data volume.

The X Report and Z Report (in POS and HQ) will no longer include the amounts from the sales quotations.

A feature is added to display/check loyalty card point balance on the Customer detail, Store operation and Loyalty payment page.

A performance issue arises on the Retail Sales form when there are a large number of SQL records in the AX database. KB 4024615 hotfix adds a Search button, and changes the process so that the query is run only when the button is clicked.

A new control allows users to sell (and return) items outside the store assortment.
A credit memo is created without reference at AX HQ if the credit memo is created during a time when the network at the store is down. KB 4021760 hotfix clears the credit memo that was created previously before creating a replacement.

These are some SCM enhancements that also impact performance:
‘Select packing slip’ takes a long time to process for an intercompany Sales Order when the sales policy is set to Unit price equal to cost price – which is common practice.
KB 3212427 hotfix resolves the performance issue by optimizing data access and improving the performance of the business logic.

When you have a large number of bills of materials (BOMs), bill of materials lines, or BOM versions, you may find that the performance of the BOM circularity check, which is optimized for high complexity, is not acceptable. The hotfix improves the performance of the BOM circularity check in these scenarios.

When you move to Dynamics 365 Finance and Operations, whether on cloud or on premise, ensure you understand the requirements to keep your system updated. The Modern Lifecycle Policy covers products and services that are serviced and supported continuously.

The Finance and Operations online service and the Finance and Operations (on-premises) software are covered by the Modern Lifecycle Policy. Licensed customers must stay current with updates to the Finance and Operations online service or the Finance and Operations (on-premises) software in accordance with the following servicing and system requirements:
• Starting with the release of Microsoft Dynamics 365 for Operations version 1611, application versions are supported for three years from the initial date of a major release, as specified in Table 1 later in this topic.

• Platform versions are supported for one year. Platform versions maintain backward compatibility. Critical fixes and non-critical updates are handled in the following way:

Critical fixes – Microsoft may provide a customer with a hotfix for their current platform version of Finance and Operations, or a fix may be provided in the latest platform version of Finance and Operations, at its discretion.

Non-critical updates – Customers must update to the most current Finance and Operations platform version to deploy non-critical updates.

On-premises software update policies

On-premises deployments

The customer is in full control of its on-premises deployments and must follow this policy. The customer is in control of installing updates in its on-premises environments. Microsoft will support the Finance and Operations (on-premises) software through December 31, 2027, at a minimum, but only if the customer keeps the deployed software current according to this policy.

The Finance and Operations (on-premises) software is licensed and supported under the Modern Lifecycle Policy. This policy requires that the customer maintain Software Assurance (SA) or the Enhancement Plan, and that it deploys updates. Customers who want to use the Fixed Support Lifecycle Policy (5+5) must downgrade to Microsoft Dynamics AX 2012 R3.

When a customer lapses on SA or the Enhancement Plan, then it will be eligible only for the perpetual license rights to AX 2012 R3 and must uninstall the Finance and Operations (on-premises) software.

The initial release of the Finance and Operations (on-premises) software will be based on Platform update 8 and the July 2017 update of the application.

For details of what changed with each update see https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/get-started/what’s-new-changed.

Be aware also, if deployed on premise, of related products like SQL, Windows, Office, Internet Explorer, Visual Studio, SharePoint etc. that may also need to be upgraded.

Note that both Microsoft Dynamics AX 2012 and Microsoft Dynamics AX 2012 R2 support will end in 2018.

Here are some products for which support will end in 2018, so start planning:
The following list represents some of the products reaching end of support in the next year. For a comprehensive list of Microsoft products and their lifecycle policy timelines, please search the Microsoft Lifecycle Product Database.

Products Under the Modern Policy Moving to End of Support:
The following products, governed by the Modern Policy, have announced end of support for 2018. There will be no new security updates, non-security updates, free or paid assisted support options or online technical content updates.

Effective end dates are shown against each.

Fixed Policy Products Moving to End of Support:
The following products will be reaching end of support in 2018. There will be no new security updates, non-security updates, free or paid assisted support options or online technical content updates.

Products Transitioning from Mainstream to Extended Support:
The following products will be moving from Mainstream Support into Extended Support over the next year. Extended Support lasts for a minimum of 5 years and includes security updates at no cost, and paid non-security updates and support. Additionally, Microsoft will not accept requests for design changes or new features during the Extended Support phase.

This hotfix addresses the issue where user security may be removed during Company to Company mapping when there is a SQLException.
If a SQLException occurs during the AX 2012 Companies to Company integration task, such as SQL server being offline, then users may be removed from the security groups in Management Reporter Security and from reporting tree definitions.
Once the cause of the SQL exception is corrected, the data mart integration task will complete, and users will once again be synchronized from Dynamics AX and added to Management Reporter Security, except they will have new user IDs.
The users with new IDs are then not added to the groups/trees that they were in previously.
This issue is logged as bug 3813390. Hotfix 3813390 prevents this issue from occurring.

—
Hotfix 3815274 is an optional hotfix that can be applied to CU16.
It can be loaded to revert a CU16 change with reporting tree rollups.
The hotfix will allow children nodes to be rolled up to a parent that contains a Dimension filter.
Before making any changes, be sure to have a backup of the MRServiceHost.settings.config file.
You can then do the following:
1. Open the Management Reporter Configuration Console.
You will need to be logged in as a user that has the Administrator role in MR, when starting the console.
2. Stop both the Process Service and the Application Service.
3. Navigate to “C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.settings.config”
4. Edit the config file in Notepad and then add the following line.
This will change the functionality such that dimension filters on summary tree units will be ignored (pre-CU15 functionality):

This new line should be added before the

5. Save your changes and close Notepad.
6. In the Management Reporter Configuration Console, start the Process Service and the Application Service.
Once the services are restarted, re-generate your reports for the changes to be applied.

Microsoft officially confirmed on September 1 that its Windows 10 Fall Creators Update release will begin to roll out to mainstream users worldwide starting October 17.
(Lenovo inadvertently revealed yesterday during a product launch at the IFA conference that the Fall Creators Update would arrive starting on October 17.)

Microsoft also will designate a September build of Windows Server 2016's first feature update (1709) as its “launch” candidate, as the company plans to announce at its Ignite conference in late September. Server 1709 also will likely begin rolling out to users in October.

Windows 10 Fall Creators Update will include a number of new security features for enterprise users.
It also includes support for the Windows Mixed Reality headsets that Microsoft OEM partners will make commercially available in October.

The Fall Creators Update also will reintroduce the placeholders concept for OneDrive storage with OneDrive Files on Demand.

Synergy is a well-established solution provider across the Middle East region.
Synergy has a strong presence in several key verticals: Manufacturing, Construction, Hospitality, Insurance, Financial Services, Government, Media, Oil and Gas, Distribution.
Synergy is particularly well known as a Gold Partner of both Infor Sunsystems and Microsoft Dynamics AX, and for its implementation expertise and exceptional support. It has been based centrally in Dubai, in the Karama district, since it was registered in 1991, and occupies a 7,000 sq ft office with around 80 full time employees.